summaryrefslogtreecommitdiff
path: root/monitor.c
AgeCommit message (Collapse)Author
2005-09-14* Add remaining pieces of Kerberos support (closes: #275472):Colin Watson
- Add GSSAPI key exchange support from http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen Frost).
2005-09-14Merge 4.2p1 to the trunk.Colin Watson
2005-07-17 - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor callsDamien Miller
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-04-03 - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_readDarren Tucker
will free as needed. ok tim@ djm@
2005-03-31 - (dtucker) [monitor.c] Remaining part of fix for bug #1006.Darren Tucker
2005-03-14 - deraadt@cvs.openbsd.org 2005/03/10 22:01:05Darren Tucker
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c readconf.c bufaux.c sftp.c] spacing
2005-03-06 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitorDarren Tucker
when attempting to audit disconnect events. Reported by Phil Dibowitz.
2005-02-09 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08Darren Tucker
[monitor.c] Make code match intent; ok djm@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-04 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.Darren Tucker
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2004-09-11 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]Darren Tucker
Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
2004-07-17 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41Darren Tucker
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
2004-06-22 - dtucker@cvs.openbsd.org 2004/06/22 05:05:45Darren Tucker
[monitor.c monitor_wrap.c] Change login->username, will prevent -Wshadow errors in Portable; ok markus@
2004-06-22 - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket".Darren Tucker
2004-06-22 - avsm@cvs.openbsd.org 2004/06/21 17:36:31Darren Tucker
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c sshpty.c] make ssh -Wshadow clean, no functional changes markus@ ok There are also some portable-specific -Wshadow warnings to be fixed in monitor.c and montior_wrap.c.
2004-06-15 - djm@cvs.openbsd.org 2004/06/13 12:53:24Damien Miller
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] [ssh-keyscan.c sshconnect2.c sshd.c] implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@
2004-05-13 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43Darren Tucker
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok
2004-05-13 - djm@cvs.openbsd.org 2004/05/09 01:19:28Darren Tucker
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@
2004-04-14 - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitlyDarren Tucker
4-arg, with compatibility for 3-arg versions. From djm@, ok me.
2004-04-08 - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggestedBen Lindstrom
limiting scope and dtucker@ agreed.
2004-04-08 - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headersBen Lindstrom
back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple)
2004-04-07 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to seeBen Lindstrom
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) are starting to restrict it as internal since it is not needed by developers any more. (Patch based on Apple tree) - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since krb5 on MacOS/X conflicts. There may be a better solution, but this will work for now.
2004-03-08 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.cDarren Tucker
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@
2004-02-06 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17Darren Tucker
[monitor.c sshd.c] Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-11-18 - djm@cvs.openbsd.org 2003/11/18 10:53:07Damien Miller
[monitor.c] unbreak fake authloop for non-existent users (my screwup). Spotted and tested by dtucker@; ok markus@
2003-11-18 - (djm) Fix early exit for root auth success when UsePAM=yes andDamien Miller
PermitRootLogin=no
2003-11-17 - markus@cvs.openbsd.org 2003/11/17 11:06:07Damien Miller
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h sshconnect2.c ssh-gss.h] replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
2003-11-17 - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-03 - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-08-26 - deraadt@cvs.openbsd.org 2003/08/24 17:36:52Darren Tucker
[monitor.c monitor_wrap.c sshconnect2.c] 64 bit cleanups; markus ok
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-02 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
2003-06-28 - markus@cvs.openbsd.org 2003/06/24 08:23:46Darren Tucker
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@
2003-06-18 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/12 07:57:38 [monitor.c sshlogin.c sshpty.c] typos; dtucker at zip.com.au
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-05-25 - djm@cvs.openbsd.org 2003/05/24 09:30:40Damien Miller
[authfile.c monitor.c sftp-common.c sshpty.c] cast some types for printing; ok markus@
2003-05-14 - markus@cvs.openbsd.org 2003/05/14 08:57:49Damien Miller
[monitor.c] http://bugzilla.mindrot.org/show_bug.cgi?id=560 Privsep child continues to run after monitor killed. Pass monitor signals through to child; Darren Tucker
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-14 - markus@cvs.openbsd.org 2003/05/14 02:15:47Damien Miller
[auth2.c monitor.c sshconnect2.c auth2-krb5.c] implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@ server interops with commercial client; ok jakob@ djm@
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-04-29 - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller
Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-09*** empty log message ***Damien Miller